package com.crm.miaohe.security.config;

import com.crm.miaohe.security.Oauth2AuthenticationEntryPoint;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;

@EnableWebSecurity
@Configuration
@AutoConfigureAfter(ResourceServerConfig.class)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private final AuthenticationManager authenticationManager;

    private final Oauth2AuthenticationEntryPoint authenticationEntryPoint;

    public SecurityConfig(@Lazy AuthenticationManager authenticationManager,
                          Oauth2AuthenticationEntryPoint authenticationEntryPoint) {
        this.authenticationManager = authenticationManager;
        this.authenticationEntryPoint = authenticationEntryPoint;
    }

    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/api/erp/auth/login", "/api/erp/auth/login_encode");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS).permitAll()
                .antMatchers(HttpMethod.GET, "/api/erp/common/**").permitAll()
                .antMatchers(HttpMethod.POST, "/api/erp/customer/apiRegister").permitAll()
                .antMatchers(HttpMethod.POST, "/api/erp/auth/login", "/api/erp/auth/login_encode", "/api/erp/auth/refresh_token").permitAll()
                .antMatchers(HttpMethod.PUT, "/api/erp/password/reset/**").permitAll()
                .antMatchers(HttpMethod.GET, "/api/erp/strategy/defaults").permitAll()
                .antMatchers("/api/erp/admin/**").hasAnyAuthority("ROLE_ADMIN", "ROLE_KEFU")
                .antMatchers(HttpMethod.GET, "/api/erp/order/export","/api/erp/order/exportERP").permitAll()
                .antMatchers(HttpMethod.GET, "/api/erp/order/addOutqty","/api/erp/order/subOutqty").permitAll()
                .antMatchers(HttpMethod.GET, "/api/erp/navigation/list").permitAll()
                .antMatchers(HttpMethod.GET, "/api/erp/information/list").permitAll()
                .antMatchers(HttpMethod.POST, "/api/erp/file/**").permitAll()
                .antMatchers(HttpMethod.POST, "/api/erp/customer/deposit/**").permitAll()
                .antMatchers(HttpMethod.POST, "/api/erp/order/status/**").permitAll()
                .antMatchers(HttpMethod.POST, "/api/app/weixin/**").permitAll()
                .antMatchers(HttpMethod.GET, "/api/erp/openid/find").permitAll()
                
                .anyRequest().authenticated()
                .and()
                .csrf(CsrfConfigurer::disable)
                .oauth2ResourceServer(resourceServerConfigurerCustomizer(authenticationManager))
                .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint)
                .and()
                .sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
    }

    @Bean
    Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>> resourceServerConfigurerCustomizer(AuthenticationManager authenticationManager) {
        return configure -> configure.jwt().authenticationManager(authenticationManager);
    }


}
